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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S. C. § 1 33). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )□ Responsive to communication(s) filed on . 

2a)n This action is FINAL. 2b)S This action is non-final. 

3) n Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 
Disposition of Claims 

4) ^ Claim(s) 1-11 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) 13 Claim(s) 1-3 and 7-11 is/are rejected. 

7) S Claim(s) 4^6 is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10)0 The drawing(s) filed on is/are: a)n accepted or b)0 objected to by the Examiner. 

Applicant may not request that any objection to the drawlng(s) be held In abeyance. See 37 CFR 1.85(a). 
1 1 )□ The proposed drawing correction filed on is: a)^ approved b)D disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) n The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§ 119 and 120 

13) 0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a)nAll b)n Some*c)n None of: 

1 .□ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) 0 Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) D The translation of the foreign language provisional application has been received. 

15) n Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 

Attachment(5) 

1) S Notice of References Cited (PTO-892) 4) □ Interview Summary {PTO-413) Paper No(s). . 

2) CD Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) O Notice of Informal Patent Application (PTO-152) 

3) 13 Information Disclosure Statement(s) (PTO-1449) Paper No(s) 4. 6) □ Other: 



U.S. Patent and TfBdernartt Office 
PTOL-326 (Rev. 04-01) 



Office Action Summary 



Part of Paper No. 9 





Application/Control Number: 09/354,161 
Art Unit: 2131 



Page 2 



DETAILED ACTION 



Claims 1-11 were pending for examination. 



Claim Rejections - 35 USC §102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1 ), (2), and (4) of section 371 (c) of this 
title before the invention thereof by the applicant for patent. 



Protection Act of 1999 (AIPA) and the Intellectual Property and High Technology 
Technical Amendments Act of 2002 do not apply when the reference is a U.S. patent 
resulting directly or indirectly from an international application filed before November 
29, 2000. Therefore, the prior art date of the reference is determined under 35 U.S.C. 
102(e) prior to the amendment by the ADPA (pre-AIPA 35 U.S.C. 102(e)). 

Claims 1-3,7-1 1 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Apperson et al, U.S. Pat. No. 5,978,484, filed April 1996. 

As per claims 1, 9-11, Apperson is directed to a system and method for 
distributing and executing an executable code wherein before sending executable codes 
to a client (i.e. a terminal) , a distributing authority (i.e. a service provider) associates a 
privilege request code (i.e. predefined fianctionality) with the executable code, see 
abstract. The privilege request code indicates a requested set of privileges that the 
executable code will potentially exercise during execution. 



The changes made to 35 U.S.C. 102(e) by the American Inventors 
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Apperson teaches that the distributing authority digitally sign s the executable 
code and the privilege request code, and also provides a certificate that can be traced by 
the client to a known certifying authority (CA), see col. 2, lines 40-53. 

Apperson further teaches that each certificate indicated an authorized set of 
privileges that the holder of certificate is authorized pass on to lower members of the 
hierarchy and that when a distributing authority distributes actual executable code, the 
associated privilege request code must indicate a subset of the privileges indicated by the 
privilege authorization code of the certificate held by the distributing authority, see col. 2, 
lines 61-67. That is to say, the distributed executable code (or predefined functionaUty) 
is part of the privileges indicated and held by the privilege authorization code (i.e. global 
functionality). 

As per claim 2, Apperson teaches that the structure of hierarchy resembles a tree 
structure (tree-like) with a "root" member at the top connected to lower "leaf members 
by "branch". 

Apperson further teaches that the root Ca has authority over all possible privileges 
that an executable object might potentially exercise and that beneath the root are plurality 
of distributing authorities to distribute code with a particular privilege request code, see 
col. 5, lines 36-67. 

Apperson further teaches that when a client computer (i.e. a terminal T) receives 
an executable object from a distributing authority DA3, the executable object is signed by 
DA3 and that the distributing authority DA3 receives its privilege authorization code 
from a certifying authority CA2. DA3's privilege authorization code is a subset of CA2's 
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privilege authorization code. The CAl's receives its privilege authorization code from the 
root certifying authority which has all possible privileges that might be exercised by 
executable objects, see col. 6, lines 16-29, see also Fig. 3. 

As per claim 3 and 8, Apperson teaches that the client computer (i.e. a terminal 
T) performs a step of verifying that each particular certificate's indicated authorized set 
of privileges is a subset of the authorized set of privileges indicated in the digital 
certificate of the next-higher member of the hierarchy that digitally signed the particular 
certificate, see col. 8, line 65 through line 9 line 10. 

Apperson further teaches a decision block indicating the action taken as a result 
of the verification steps performed by the client computer which involves preventing the 
executable code from exercising any privileges that are not in the requested set of 
privileges indicated by the privilege request code, see col. 9, lines 1 1-29. 

As per claim 7, Apperson teaches that credentials associated with the server 
computer or distributing authority include s privilege authorization code indicating which 
privileges or privilege classes are allowed to be exercised by code distributed from server 
or another distributing authority, see col. 4, lines 55-65. Apperson further teaches that the 
credentials are issued to server or to the distributing authority by one or more certifying 
authorities and are digitally signed by the certifying authorities and that the certifying 
authorities are responsible for verifying the trustworthiness of the distributing authority 
(i.e. service providers) and that the certifying authorities determine which privileges any 
particular distributing authority should be allowed (or entitled) to authorize, see col. 4, 
line 66 through col. 6, linelO. 
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As per claim 9, Apperson's invention includes a first step of establishing a 
hierarchy of authorities comprising a plurality of certifying authorities and a plurality of 
distributing authorities (i.e. service providers) , see col. 7, lines 35-42. the members of the 
hierarchy are connected for communications over a network or other communications 
medium. 

Apperson teaches assigning a privilege authorization code to each member of the 
hierarchy. The privilege authorization code indicates a set of privileges that a particular 
member (such as distributing authority or service provider) is authorized to incorporate in 
executable objects provided from one member for execution on other computers, see col. 
7, Hnes 43-66, col. 8, lines 9-16. Apperson further teaches that the privilege 
authorization code indicates maximum set of privileges that member can include in the 
assigned privilege authorization codes of other, lower members of hierarchy. 

Apperson teaches that the distributing authority (i.e. service provider) creates an 
executable code and optional data with a privilege request code associated wit the 
executable code. The privilege request code indicates a requested set of privileges that the 
executable code will potentially exercise on a client computer, see col. 8, lines 1-16. the 
requested set of privileges is a subset of the authorized set of privileges indicated the 
distributing authority's credentials. 



Claims 4-6 are objected to as being dependent upon a rejected base claim, but 
would be allowable if rewritten in independent form including all of the limitations of the 
base claim and any intervening claims. 



Allowable Subject Matter 
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Conclusion 



Any inquiry concerning this communication or earlier communications from 
examiner should be directed to Taghi Arani, whose telephone number is (703) 305-4274. 
The examiner can normally be reached Monday through Friday from 8:00 AM to 5:30 
PM. 

If attempts to reach the examiner by telephone are unsuccessfiil, the examiner's 
supervisor, Ayaz Sheikh, can be reached at (703) 305-9648. The Fax numbers for the 
organization where this application is assigned are: 
After-final (703) 746-7238 
Official (703) 746-7239 
Non-Official/Draft (703) 746-7240 
Taghi Arani 
Patent Examiner 
September 11,2003 




